<?php

session_start();
include '../database/connect.php';
$tbl_name = "students_login";
$username = $_POST['username'];
$password = $_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row

if ($count == 1) {
    $_SESSION['username'] = $username;
    $_SESSION['type'] = "students";
    $row = mysql_fetch_assoc($result);
    $_SESSION['user_id'] = $row['id'];

    header("location: ../views/staff_home.php");
} else {
    header("location: ../views/login.php?status=wrong");
//echo "Wrong Username or Password";
}
?>